Privacy protection policy according to the GDPR
I. Name and address of the data controller
WindStar Medical GmbH
60549 Frankfurt am Main
Tel.: +49 (0) 69 6540 272 102
is the data controller as defined in the EU General Data Protection Regulation (GDPR) and the national data privacy laws.
II. Name and address of the data protection officer
The data protection officer of the data controller is:
Hanauer Landstr. 151-153
60314 Frankfurt am Main
III. General information about data processing
1. The extent to which personal data is processed
We collect and use the personal data of users of our homepage only to the extent that this is necessary for keeping our website, contents and services functioning properly.
Basically, we collect and use our users’ personal data only after they give their consent. An exception to this principle applies in cases where processing the data by statutory provisions is permitted or when obtaining prior consent for actual reasons is not possible.
2. Legal basis for processing personal data
The legal basis for processing personal data is basically based on:
• Art. 6 para. 1 s. 1 lit. a GDPR upon obtaining the consent of the data subject.
• Art. 6 para. 1 s. 1 lit. b GDPR for processing operations that serve to fulfill a contract to which the data subject is a party. Included here are processing operations that are necessary to carry out pre-contractual measures.
• Art. 6 para. 1 s. 1 lit. c GDPR for processing required to fulfill a legal obligation.
• Art. 6 para. 1 s. 1 lit. d GDPR, if vital interests of the data subject or another natural person require the processing of personal data.
• Art. 6 para. 1 s. 1 lit. f GDPR, if the processing is necessary to safeguard the legitimate interests of our company or a third party, and the interests, fundamental rights and fundamental freedoms of the data subject do not outweigh the former interest.
3. Data erasure and storage duration
The personal data of users will be deleted or blocked as soon as the purpose of the storage is no longer applicable. Additional storage may be provided for by European or national legislators through EU regulations, laws or other regulations to which the data controller is subject. Blocking or deleting the data also takes place when a storage period prescribed by the standards mentioned expires, unless there is a need for additional storage of the data for concluding a contract or fulfilling the contract.
IV. Use of our website, general information
1. Description and scope of data processing
Every time our website is accessed, our system automatically collects data and information from the user's computer system. The following information is collected:
(1) Information about the browser type and version used
(2) The user’s operating system
(3) The user’s Internet service provider
(4) The user’s IP address
(5) Date and time of access
(6) Amount of data transferred websites
(7) http status code (e.g. "request required" or "requested file not found")
(8) Websites the user’s system accesses to get to our website and websites that the user's system invokes by accessing our website
The described data are stored in the log files of our system. This data is not stored together with any other personal user data.
2. Purpose and legal basis for data processing
Our system must temporarily store user IP addresses to allow us to deliver our website to the user's computer. To do this, the user's IP address must be stored for the duration of the session.
Storage in log files is done to ensure the functionality of the website. In addition, the data is used to optimize the website and to ensure the security of our information technology systems. This data is not evaluated for marketing purposes in this context.
The legal basis for the temporary storage of data and log files is Art. 6 para. 1 s. 1 lit. f GDPR.
Collecting your personal data to ensure our web presence and storing this data in log files is essential for operating our website. A contradictory possibility of the user therefore does not exist.
3. Duration of storage
Your data will be deleted as soon as they are no longer necessary for achieving the purpose of the inquiry. Your data will be deleted when the session ends if your data has been collected to ensure the site's availability.
If your data is stored in log files, it will be deleted after seven days at the latest. Further storage is possible, whereby in this case, the IP addresses of the users are deleted or alienated. This means that it is then no longer possible to assign the client who has accessed our website.
The legal basis for processing personal data using cookies is defined in Art. 6 para. 1 s. 1 lit. f GDPR. The purpose for using technically required cookies is to simplify the use of our website. We would like to point out that some functions on our website can only be offered if cookies are enabled.
We do not use user data collected by technically required cookies to create user profiles.
The legal basis for the processing of personal data using cookies for analysis and advertising purposes is Art. 6 para. 1 s. 1 lit. a GDPR if the user has given his consent.
Cookie consent with Usercentrics
When you enter our website, the following personal data is transferred to Usercentrics:
• Your consent(s) or revocation of your consent(s)
• your IP address
• information about your browser
• information about your terminal device
• time of your visit to the website
Furthermore, Usercentrics stores a cookie in your browser in order to be able to assign the consent(s) given or their revocation to you. The data collected in this way is stored until you request us to delete it, delete the Usercentrics cookie yourself or the purpose for storing the data no longer applies. Mandatory legal storage obligations remain unaffected.
For more information on data processing by "Usercentrics", please refer to the data protection information at https://usercentrics.com/de/datenschutzerklaerung/
Here you can view and adjust your cookie settings.
VI. Data transfers to third countries (outside of the EU):
The GDPR ensures an equally high level of data protection within the European Union. When selecting our service providers, we therefore rely on European partners wherever possible when your personal data is being processed. Within some exceptions we may process personal data outside the EU through third-party services. This may only be the case where the special requirements in accordance with Art. 44 et. seq. GDPR are fully met. This means that the processing of your data may then only take place when the third country has been declared to ensure an adequate level of protection by the European Commission or if the European Standard Contractual Clauses have been signed.
VII. Electronic contact
It is possible to contact us via the e-mail address or telephone number provided. In this case, the user's personal data transmitted with the e-mail or telephone will be stored.
Customer support is a service of Sanvartis GmbH and includes pharmaceutical/medical information by specialist staff working there via e-mail and telephone. All information received is documented by Sanvartis and forwarded in writing to Districon GmbH and WindStar Medical GmbH within 24 hours.
The legal basis for the processing of the contact request and its handling is regularly Art. 6 para. 1 s.1 lit. b GDPR, additionally Art. 6 para. 1 s.1 lit. f GDPR.
Your data will be deleted as soon as they are no longer necessary for achieving the purpose of the inquiry. For personal data sent by e-mail or telephone, this is the case when the respective conversation with the user has ended. The conversation is ended when it is clear from the circumstances that the matter in question has been conclusively clarified.
If the process is based on the legal basis of Art. 6 para. 1 s. 1 lit. f GDPR (legitimate interest), you can object to the storage of your personal data at any time. However, we would like to point out that in such a case the conversation cannot be continued. All personal data stored in the course of contacting you will be deleted in this case.
VIII. Google Tag Manager
This website uses Google Tag Manager. Google Tag Manager is a solution that allows marketers to manage website tags through one interface. The Tag Manager tool itself (which implements the tags) is a cookie-less domain and does not collect any personal data. The tool triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If a deactivation has been made at the domain or cookie level, this remains in place for all tracking tags that are implemented with Google Tag Manager.
The legal basis for the use of the technically necessary cookie is the legitimate interest of the website operator pursuant to Art. 6 para. 1 s. 1 lit. f GDPR.
IX. Content Delivery Networks (CDN)
This site uses so-called Content Delivery Networks to provide popular online libraries and web fonts. Access is then made directly to the servers of the operators, so that data such as the calling IP address, referrer, browser information, etc. accrue there.
The legal basis for this is our legitimate interests pursuant to Art. 6 (1) p. 1 lit. f GDPR to present our site in a needs-oriented manner and to optimize the user experience.
You can prevent the collection as well as the processing of your data by CDNs by deactivating the execution of script code in your browser or installing a script blocker in your browser (you can find such a blocker, for example, at www.noscript.net).
The following is a list of the CDNs we use:
1. Google Web Fonts
We integrate the fonts ("Google Web Fonts") of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, on the basis of our legitimate interests pursuant to Art. 6 (1) p. 1 lit. f GDPR. The aim is the optimization and economic operation of our homepage.
The opt-out can be set at: https://adssettings.google.com/authenticated.
2. Adobe Typekit (Adobe Fonts)
We use Adobe Typekit for the visual design of our website. Typekit is a service provided by Adobe Systems Software Ireland Ltd. that gives us access to a font library. To integrate the fonts we use, your browser must connect to an Adobe server in the United States and download the font required for our website. Adobe thereby receives the information that our website was accessed from your IP address.
X. Web Analytics
1. Google Analytics
This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses so-called "cookies," text files that are stored on your computer and they allow how you use the website to be analyzed. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the US and is stored there. However, if IP anonymization is activated on this website, your IP address will be shortened by Google beforehand within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website and Internet usage to the website operator.
The IP address provided by Google Analytics within the framework of Google Analytics will not be merged with other data provided by Google.
You can prevent the storage of cookies by enabling a corresponding setting in your browser software; however, please note that if you do this, you may not be able to use all the features of this website to the fullest extent possible. You may also prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address) as well as prevent Google from processing this data by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
This website uses Google Analytics with the extension "_anonymizeIp()." As a result, IP addresses are processed shortened so that they cannot be related to any one particular person. Insofar as the data collected about you is assigned a personal reference, it will be immediately excluded, and the personal data will be deleted immediately.
We use Google Analytics to analyze and regularly improve the use of our website. We use the statistics to improve our offer and make it more interesting for you as a user. The legal basis for using Google Analytics is your consent, as defined in Art. 6 para. 1 s. 1 lit. a GDPR.
Third-party information: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.
User conditions: http://www.google.com/analytics/terms/de.html ,
Data privacy overview: http://www.google.com/intl/de/analytics/learn/privacy.html ,
data protection policy: http://www.google.de/intl/de/policies/privacy.
2. GA Audiences
Our website uses GA Audiences, a service provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. GA Audiences uses, among other things, cookies that are stored on your computer and other mobile devices (e.g. smartphones, tablets, etc.) and that enable an analysis of the use of the respective devices. Some of the data is analyzed across devices. Google Audiences receives access to the cookies created in the context of the use of Google Adwords and Google Analytics. In the course of use, data, such as in particular the IP address and activities of the user, may be transmitted to a server of Google Inc. and stored there. Google Inc. may transfer this information to third parties if required to do so by law, or if such data is processed by third parties. You can prevent the collection and forwarding of personal data (esp. your IP address) as well as the processing of this data by deactivating the execution of Java Script in your browser or installing a tool such as 'NoScript'. You can also prevent the collection of data generated by the Google cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link (http://tools.google.com/dlpage/gaoptout?hl=de). Further information on data protection when using GA Audiences can be found at the following link:
The legal basis for the processing of your data is your consent pursuant to Art. 6 (1) p. 1 lit. a GDPR.
XI. Social Media
We maintain fan pages within various social networks and platforms for communicating with customers, prospects and users who are active there and for informing them about our services.
We would like to point out that your personal data may be processed outside the European Union, which may pose risks to you (e.g. in enforcing your rights under European/German law).
These users’ data are usually processed for market research and advertising purposes. Thus, for example, user profiles are created based on the user’s behavior and interests. These usage profiles can in turn be used to do such things as place advertisements inside and outside the platforms that are allegedly in line with users' interests. For these purposes, cookies are usually stored on the user’s computer where the user’s behavior and the user’s interests are stored. Furthermore, in the usage profiles, data can also be stored independently of the devices that the users use (this is especially true if the users are members of the respective platforms and are logged in to them).
Processing personal user data is based on our legitimate interests in an effective user information and communication with users in accordance with. Art. 6 para. 1 s. 1 lit. f. GDPR. The legal basis for processing user info is Art. 6 para. 1 s. 1 lit. a., Art. 7 GDPR, and this entails the respective providers asking users to consent to data processing (that is, that they declare their agreement, for example, by ticking a check box or clicking on a button to confirm).
Additional information about processing your personal data as well as your revocation options can be found under the links for the respective providers listed below. The assertion of information and further rights of the data subjects can likewise take place opposite the offerors, who then have only the direct access to the data of the users and have appropriate information. Of course, we are available for questions and support if you need help. Providers:
LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Irland
XING AG, Dammtorstraße 29-32, 20354 Hamburg, Deutschland
XII. Your rights/rights of the data subject
According to the EU General Data Protection Regulation, as an affected party you have the following rights:
1. The right to receive information
You have the right to receive from us as data controller the information whether and which personal data concerning you are processed by us as well as further information in accordance with the legal requirements pursuant to Art. 13, 14 GDPR.
You can claim your right to information under: firstname.lastname@example.org
2. The right to rectification
If we process your personal data incorrectly or in an incomplete manner, then you have a right for it to be corrected/completed. The correction will be made immediately.
3. Right to restriction
You have the right to restrict the processing of personal data concerning you in accordance with the legal provisions (Art. 18 GDPR).
4. The right to delete
If the conditions set out in Article 17 of the GDPR apply, you may request that the personal data relating to you be deleted without delay.
We would like to point out that the right to erasure does not exist insofar as the processing is necessary for one of the exceptional circumstances mentioned in Art. 17 para. 3.
5. Right to information
If you have asserted the right to rectify, delete or restrict the processing, we are obligated to notify all recipients to whom your personal data have been disclosed of this correction or deletion of the data or restriction of processing, unless this proves to be impossible or is associated with a disproportionate amount of effort. You also have the right to be informed about these recipients.
6. Right to data portability
According to the GDPR, you also have the right to receive the personal data concerning you that has been provided to us in a structured, common and machine-readable format or to request its transfer to another controller.
7. Right to revoke the declaration of consent to data protection
You have the right to revoke your data protection declaration at any time. Please note that revoking consent does not affect the lawfulness of the processing carried out based on the consent until the revocation goes into effect.
8. Right to objection
Furthermore, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Art. 6 para. 1 s. 1 lit. e or f GDPR.
9. Automated decision on an individual basis, including profiling
Under the EU General Data Protection Regulation, you remain entitled not to be subjected to a decision based solely on automated processing - including profiling - which would have legal effect or would affect you in a similar manner.
10. Right to complain to a supervisory authority
Finally, if you believe that the processing of personal data concerning you is contrary to the GDPR, you have the right to complain to a supervisory authority, in the Member State of its place of residence, employment or the location of the alleged infringement.